Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/qBbPAft3FWUnWh4M6QbA4zR0xig.roa
File:                     qBbPAft3FWUnWh4M6QbA4zR0xig.roa (raw, json)
Hash identifier:          F60FmMouqBuHf/lcjKBMzLkzhlv6RxJ5MDnmKBuksKw=
Subject key identifier:   A8:16:CF:01:FB:77:15:65:27:5A:1E:0C:E9:06:C0:E3:34:74:C6:28
Certificate issuer:       /CN=1cd3c30939b906a4515a1c65c08836829b6a3289
Certificate serial:       019B7D5D22668E59EAAC56678FFE106E0905
Authority key identifier: 1C:D3:C3:09:39:B9:06:A4:51:5A:1C:65:C0:88:36:82:9B:6A:32:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/qBbPAft3FWUnWh4M6QbA4zR0xig.roa
Signing time:             Fri 02 Jan 2026 06:20:14 +0000
ROA not before:           Fri 02 Jan 2026 06:20:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49122
IP address blocks:        94.229.112.0/22 maxlen: 22
                          94.229.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:22:66:8e:59:ea:ac:56:67:8f:fe:10:6e:09:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cd3c30939b906a4515a1c65c08836829b6a3289
        Validity
            Not Before: Jan  2 06:20:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a816cf01fb771565275a1e0ce906c0e33474c628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:21:80:5d:e6:ae:4d:00:d6:80:d9:a4:21:7c:
                    9a:7e:90:05:30:e9:e6:d9:c0:e7:45:89:09:aa:a7:
                    34:a2:54:97:8d:43:10:23:6e:54:0e:8d:8b:80:b6:
                    72:62:36:b3:d7:6d:09:ab:f2:ce:a2:d4:dc:a2:fb:
                    5f:63:70:c1:5c:be:59:90:5c:b5:59:d6:d4:27:ea:
                    94:d6:4f:12:5e:e2:1c:3d:dc:b1:44:49:79:a3:03:
                    b8:33:09:5b:e3:e4:8b:ac:58:4a:49:1d:fb:80:76:
                    31:38:b7:f9:3d:14:29:84:62:1c:44:c1:ef:c5:8e:
                    5b:8a:8a:bf:01:e5:4f:af:94:bb:f4:9f:b9:89:23:
                    33:9d:61:d7:eb:b2:4c:7a:a4:81:37:70:d6:31:71:
                    36:f8:dd:4c:a0:57:b1:2a:0e:b2:6f:a1:45:dd:ed:
                    c9:93:ba:f0:a4:83:87:f0:82:4a:70:2e:45:50:93:
                    61:56:66:15:a3:0c:d0:98:7f:74:af:72:d9:bf:ae:
                    ea:ed:a6:9c:49:dc:d7:8a:68:60:6e:f3:2d:18:4f:
                    79:1c:b9:9b:db:7f:02:88:c4:4f:54:35:66:91:78:
                    7a:6b:d3:8b:03:6d:f2:bc:25:00:59:0c:48:8d:dc:
                    32:de:c4:97:f7:cb:65:d6:28:8b:6f:b2:94:23:3a:
                    0b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:16:CF:01:FB:77:15:65:27:5A:1E:0C:E9:06:C0:E3:34:74:C6:28
            X509v3 Authority Key Identifier:
                keyid:1C:D3:C3:09:39:B9:06:A4:51:5A:1C:65:C0:88:36:82:9B:6A:32:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HNPDCTm5BqRRWhxlwIg2gptqMok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/qBbPAft3FWUnWh4M6QbA4zR0xig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/9c5768-e80a-4110-a46d-0ff86ef95e0f/1/HNPDCTm5BqRRWhxlwIg2gptqMok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.112.0/22
                  94.229.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:01:da:4e:39:f7:6f:6b:ca:83:67:13:82:7b:06:f7:6a:d8:
         66:21:db:24:ee:9c:9f:ce:c0:97:0f:2d:c5:e1:a1:b5:ab:85:
         d1:ce:15:14:0d:3f:9a:5d:6d:50:d1:b4:bf:b9:58:9b:33:3e:
         12:93:a9:68:83:f0:41:8b:b0:f1:de:09:50:f2:f3:c4:fa:9d:
         fd:90:f4:f9:9c:e5:c9:43:0b:10:dc:c2:04:54:3f:7c:39:64:
         81:9e:eb:92:70:b2:b5:c9:f8:f4:f2:df:de:be:8a:d7:42:71:
         23:4f:ba:0e:c1:2a:f8:08:0a:dc:36:71:e3:b0:d5:3a:a0:2b:
         d1:98:7b:89:65:f8:10:76:5b:4f:d0:ff:48:53:e9:e5:64:ff:
         15:0d:8b:91:61:b2:5a:e1:bd:10:55:a4:3d:83:22:ee:53:73:
         f5:d0:61:c0:bb:e4:30:4c:e5:dc:3f:01:cb:43:2d:48:e9:a3:
         35:02:f2:1d:b6:93:d6:24:66:84:2d:93:65:f0:db:13:ce:85:
         8f:b0:04:01:1c:52:03:e4:7b:c7:ad:21:09:b3:8e:56:c0:a7:
         d2:2c:59:a4:b0:41:ce:25:d5:cf:b7:6b:88:b5:bc:75:7a:91:
         be:53:34:b0:70:b3:46:c4:49:ec:ca:99:57:6b:bb:e9:e7:80:
         8d:1e:a1:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt9XSJmjlnqrFZnj/4QbgkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZDNjMzA5MzliOTA2YTQ1MTVhMWM2NWMwODgzNjgyOWI2
YTMyODkwHhcNMjYwMTAyMDYyMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE2Y2YwMWZiNzcxNTY1Mjc1YTFlMGNlOTA2YzBlMzM0NzRjNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyGAXeauTQDWgNmkIXyafpAFMOnm
2cDnRYkJqqc0olSXjUMQI25UDo2LgLZyYjaz120Jq/LOotTcovtfY3DBXL5ZkFy1
WdbUJ+qU1k8SXuIcPdyxREl5owO4Mwlb4+SLrFhKSR37gHYxOLf5PRQphGIcRMHv
xY5bioq/AeVPr5S79J+5iSMznWHX67JMeqSBN3DWMXE2+N1MoFexKg6yb6FF3e3J
k7rwpIOH8IJKcC5FUJNhVmYVowzQmH90r3LZv67q7aacSdzXimhgbvMtGE95HLmb
238CiMRPVDVmkXh6a9OLA23yvCUAWQxIjdwy3sSX98tl1iiLb7KUIzoLWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKgWzwH7dxVlJ1oeDOkGwOM0dMYoMB8GA1UdIwQY
MBaAFBzTwwk5uQakUVocZcCINoKbajKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE5QRENUbTVCcVJSV2h4bHdJZzJncHRxTW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi85YzU3NjgtZTgwYS00MTEwLWE0NmQt
MGZmODZlZjk1ZTBmLzEvcUJiUEFmdDNGV1VuV2g0TTZRYkE0elIweGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi85YzU3NjgtZTgwYS00MTEwLWE0NmQtMGZmODZlZjk1ZTBm
LzEvSE5QRENUbTVCcVJSV2h4bHdJZzJncHRxTW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXuVwAwQC
XuV8MA0GCSqGSIb3DQEBCwUAA4IBAQAjAdpOOfdva8qDZxOCewb3athmIdsk7pyf
zsCXDy3F4aG1q4XRzhUUDT+aXW1Q0bS/uVibMz4Sk6log/BBi7Dx3glQ8vPE+p39
kPT5nOXJQwsQ3MIEVD98OWSBnuuScLK1yfj08t/evorXQnEjT7oOwSr4CArcNnHj
sNU6oCvRmHuJZfgQdltP0P9IU+nlZP8VDYuRYbJa4b0QVaQ9gyLuU3P10GHAu+Qw
TOXcPwHLQy1I6aM1AvIdtpPWJGaELZNl8NsTzoWPsAQBHFID5HvHrSEJs45WwKfS
LFmksEHOJdXPt2uItbx1epG+UzSwcLNGxEnsyplXa7vp54CNHqFO
-----END CERTIFICATE-----